Staying vigilant and aware on cyber security

Ask Control Engineering: With the high profile coincidental computer glitches, is it possible they are cyber attacks and no one is saying? What else is happening that we don't know about? Link to resources that could help a discern whether a computer glitch is just that or perhaps a cyber security attack.
By Chris Vavra July 30, 2015

Ask Control Engineering: With the high profile coincidental computer glitches, is it possible they are cyber attacks and no one is saying? What else is happening that we don’t know about?

Answer: That’s certainly a possibility, and a concern that Control Engineering has been raising for some time. One automation company executive said at a conference in June, "I don’t think there’s any plant out there that hasn’t been hacked, whether they know it or not."

When it comes to cyber security, consider this advice.

Wi-Fi and wireless Ethernet, in particular, have become ubiquitous in manufacturing. While they’re a great convenience, they are vulnerable to cyber attacks. Companies can deal with this problem if they keep their technology up to date and be vigilant and aware at all times.

Here is a typical industrial router as you might see installed in your plant. Is it the latest version? Or is it one that’s been there for many years and cannot be secured adequately to keep your network safe? This one is a current design, but can you tel

Being vigilant means working on limiting the potential for social engineering, or human hacking, incidents. Social engineering is the most common method of compromising a secure Wi-Fi network because companies rely on human behavior to protect their network and human behavior is imperfect, at best. 

Figure: Diagram of Denial of Service (DoS) attacks with a chart explaining intentional and unintentional level 1 (Physical layer) and level 2 (MAC layer) attacks. Courtesy: Daniel E. Capano, Diversified Technical Services Inc.

Companies should also be aware of cyber security insurance for their plant. While it isn’t common right now, expect it to become the norm as the world trends more and more towards mobile devices rather than stationary machines.

 

The 2015 Control Engineering cyber security study indicates that more than three-quarters of respondents believe that their control systems are in moderate to severe danger of being attacked.

Control Engineering is running a poll about whether users check the ICS-CERT website for cyber security vulnerabilities for an in-stock item that may have emerged since the product has been in stock?

Control Engineering has a partnership with ISSSource. See recent security related posts from ISSSource, a Control Engineering content partner.

– Chris Vavra, production editor, CFE Media, Control Engineering, cvavra@cfemedia.com.

ONLINE extra

– See the Control Engineering cyber security page.